2.2.0
MidnightBSD 2.2
6/7/2022
I’m happy to announce the availability of MidnightBSD 2.2 for amd64 and i386. This release focused on updating third party software in the base system and some smaller enhancements.
Upgrade Process
(you can also do this with svnlite using github)
Install git if you don’t have it already
mport install git
Fetch MidnightBSD from git via github.com/midnightbsd/src.git (assumes you don’t have /usr/src populated)
git clone https://github.com/MidnightBSD/src.git
Checkout the stable/2.2 branch
git checkout stable/2.2
cd /usr/src; make clean buildworld buildkernel;
mergemaster -p
make installkernel
reboot
(if it works OK, login and go to /usr/src)
make installworld
mergemaster -iU
mport index
Update installed mports/packages.
rm -rf /usr/lib/perl/5.32.0
cd /usr/src/; make check-old; then run make delete-old and finally make installworld
When you are done, verify that Perl is updated by running perl -v
You should have Perl 5.36.0.
Bug Fixes and new features
use md library sha256 implementation for lzma
/bin/sh updated based on freebsd 12-stable sources
root shell changed to tcsh from csh. This adds history to the root user’s interactive shell. We may change the root shell to mksh in the future.
Introduce a patch to dummynet from pfsense to increase max value to 4Gb/s instead of 2Gb/s.
mport 2.2.0
removes use of libdispatch / gcd dependency so we can eventually support static built mport.
add desktop-file-utils command to plist.
add KLD to plist handler (allows packages to define kernel modules)
Introduce type on ucl pkg messages (allows package messages on specific events)
add null check on stub detach (prevents crashing when unloading a package)
add chroot path to libexec commands and mport.list (allows a chroot for updating in a jail)
Fixed issues with desktop startup and created an initial .xinitrc file for GUI installs.
A Hyper-V vPCI emulation change can cause SR-IOV (Single-Root I/O Virtualization) and DDA (Discrete Device Assignment) devices to fail to operate correctly under Hyper-V. In recent Hyper-V releases on Windows Server 2022, the vPCI code does not initialize the last 4 bit of device registers. This behavior change could result in failure to initialize guest drivers for SR-IOV or DDA devices.
Netcat: add sctp support from FreeBSD
Add ptsname_r to libc.
Ipfilter bug fixes from FreeBSD.
Enable dbus and hald during the firstboot script (long term we want hal to go away)
Slow down the loader twiddle. (speeds up boot on VMs like AWS AMI and older hardware)
add siginfo to chflags
switch to less pager for root.
cat(1): Bring in a bug fix for the -e flag as found in FreeBSD 12 stable
Security Fixes
Update root certificates bundle
Reject execve when new argc is zero. Fixes a security issue with NULL argv[0] entries similar to the recent CVE with polkit on Linux.
Fix an integer overflow in OpenSSL and memory leaks.
netmap: Fix TOCTOU vulnerability in nmreq_copyin
The total size of the user-provided nmreq was first computed and then
trusted during the copyin. This might lead to kernel memory corruption
and escape from jails/containers.
Security: CVE-2022-23084
netmap
An unsanitized field in an option could be abused, causing an integer
overflow followed by kernel memory corruption. This might be used
to escape jails/containers.
Security: CVE-2022-23085
The netmap_ioctl() function has a reference counting bug in case of
NETMAP_REQ_PORT_INFO_GET command. When hdr->nr_name[0] == '\0'
,
the function does not decrease the refcount of "nmd", which is
increased by netmap_mem_find(), causing a refcount leak.
Wpa_supplicant: A vulnerability was discovered in how wpa_supplicant processes P2P
(Wi-Fi Direct) provision discovery requests. Under a corner case
condition, an invalid Provision Discovery Request frame could end up
reaching a state where the oldest peer entry needs to be removed. With
a suitably constructed invalid frame, this could result in use
(read+write) of freed memory. This can result in an attacker within
radio range of the device running P2P discovery being able to cause
unexpected behavior, including termination of the wpa_supplicant process
and potentially code execution.
Binutils: The function make_relative_prefix_1 does not properly free locally
allocated memory when it returns early. Free the memory associated with the variables full_programe, bin_dirs, prog_dirs, and prefix_dirs when the function returns early.
Zlib: Fix CLEAR_HASH macro to be usable as a single statement. Fix a security issue in inflate.c
3rd Party Software
Perl 5.36.0
Libucl 0.8.1
tzdata 2022a
lua 5.3.6
subversion 1.14.1
expat 2.47
sqlite 3.38.2 (also enabled math functions)
OpenSSH 8.8p1
zlib 1.2.12
update libucl
Hardware
Update pci vendor ids
add libusb_has_capability to libusb
The 802.11 beacon handling routine failed to validate the length of an
IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer.
Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers
allocated a buffer of a caller-specified size, but copied to it a fixed size
header. Other heap content would be overwritten if the specified size was
too small.
bhyve
The e1000 network adapters permit a variety of modifications to an Ethernet
packet when it is being transmitted. These include the insertion of IP and
TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation
offload ("TSO"). The e1000 device model uses an on-stack buffer to generate
the modified packet header when simulating these modifications on transmitted
packets.
When checksum offload is requested for a transmitted packet, the e1000 device
model used a guest-provided value to specify the checksum offset in the on-
stack buffer. The offset was not validated for certain packet types.
The hard-coded size for state region 1 (SSE/XMM) was incorrect.
Known Issues
mport package manager - On systems with a large number of packages installed, a mport upgrade can run out of file descriptors.
OpenSSL is quite out of date. We had planned to update this for the release, but ran into some issues with GELI. Instead, we backported some public patches to our OpenSSL version. We will continue to work on this and do another release when available. Please use the mports version of OpenSSL for any software you build.